If you’re reading this, you may have spotted August’s test phishing email! This email was sent as part of the Secure UD “Take a BITE out of phish!” campaign, a University initiative to raise our community’s awareness about phishing attacks, their consequences, and how to avoid becoming a victim. Each month, a random sample of employees will receive a harmless test phish like this one:

Let’s look at why this email is suspicious:

  1. Look out for missing details. Lack of personal details within the email, such as your name, is suspicious. If you were a frequent flier, and receiving bonus miles, they should have your name associated with your account and email address.
  2. Check for poor spelling or grammar. Many phishing emails will have common grammar or spelling mistakes. In this case, both “eligible” and “receive” are spelled incorrectly. More suspiciously is that “Caribbean” is also misspelled, and shouldn’t a travel company know how to correctly spell destinations?
  3. Don’t feel pressured by the sense of urgency. Phishing attacks like this one urge you to reply immediately or else face consequences. In this case, the email wants you to claim your miles, since the deal will “expire in 48 hours.”
  4. Don’t click links within a suspicious e-mail. Links in a suspicious email may take you to a criminal or malicious website. When in doubt, hover your mouse over the text of the hyperlink (you should see the full URL, which will help to show whether it leads to a legitimate website).
  5. Check the branding. Is this a brand or logo that you recognize? This email does not have any recognizable branding and is sent from “Frequent Flier Customer Relations,” a very generic signature. Some hackers can create official-looking logos or branding that could trick you into thinking the email comes from a legitimate source.

A recent FBI article details ways that you can protect yourself against travel-specific scams. For example, knowing the cancellation policy of a hotel or airline, can help you if you end up booking through a disreputable source and wish cancel. Similarly, paying with a credit card makes it more likely that you could get your money back if necessary, since you would be able to dispute the charges with the credit card company. Following the advice in this article would be a good practice when making travel plans or when confronted with a travel deal that seems too good to be true.

Always exercise caution; if you receive a suspicious request for your payment information, instructions to visit a suspicious website, or download a suspicious attachment, forward the message to reportaphish@udel.edu.

And as always, Think B4 You Click!